Security update for Chromium SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2134-1 Final 1 1 2018-07-28T18:12:44Z current 2018-07-28T18:12:44Z 2018-07-28T18:12:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Chromium This update for Chromium to version 68.0.3440.75 fixes multiple issues. Security issues fixed (boo#1102530): - CVE-2018-6153: Stack buffer overflow in Skia - CVE-2018-6154: Heap buffer overflow in WebGL - CVE-2018-6155: Use after free in WebRTC - CVE-2018-6156: Heap buffer overflow in WebRTC - CVE-2018-6157: Type confusion in WebRTC - CVE-2018-6158: Use after free in Blink - CVE-2018-6159: Same origin policy bypass in ServiceWorker - CVE-2018-6161: Same origin policy bypass in WebAudio - CVE-2018-6162: Heap buffer overflow in WebGL - CVE-2018-6163: URL spoof in Omnibox - CVE-2018-6164: Same origin policy bypass in ServiceWorker - CVE-2018-6165: URL spoof in Omnibox - CVE-2018-6166: URL spoof in Omnibox - CVE-2018-6167: URL spoof in Omnibox - CVE-2018-6168: CORS bypass in Blink - CVE-2018-6169: Permissions bypass in extension installation - CVE-2018-6170: Type confusion in PDFium - CVE-2018-6171: Use after free in WebBluetooth - CVE-2018-6172: URL spoof in Omnibox - CVE-2018-6173: URL spoof in Omnibox - CVE-2018-6174: Integer overflow in SwiftShader - CVE-2018-6175: URL spoof in Omnibox - CVE-2018-6176: Local user privilege escalation in Extensions - CVE-2018-6177: Cross origin information leak in Blink - CVE-2018-6178: UI spoof in Extensions - CVE-2018-6179: Local file information leak in Extensions - CVE-2018-6044: Request privilege escalation in Extensions - CVE-2018-4117: Cross origin information leak in Blink The following user interface changes are included: - Chrome will show the "Not secure" warning on all plain HTTP pages The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html E-Mail link for openSUSE-SU-2018:2134-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub for SUSE Linux Enterprise 12 SP2 chromedriver-68.0.3440.75-61.1 chromium-68.0.3440.75-61.1 chromedriver-68.0.3440.75-61.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 SP2 chromium-68.0.3440.75-61.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 SP2 An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site. CVE-2018-4117 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-4117.html CVE-2018-4117 https://bugzilla.suse.com/1088182 SUSE Bug 1088182 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6044 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6044.html CVE-2018-6044 https://bugzilla.suse.com/1077571 SUSE Bug 1077571 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A precision error in Skia in Google Chrome prior to 68.0.3440.75 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. CVE-2018-6153 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6153.html CVE-2018-6153 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6154 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6154.html CVE-2018-6154 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6155 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6155.html CVE-2018-6155 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6156 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6156.html CVE-2018-6156 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6157 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6157.html CVE-2018-6157 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6158 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6158.html CVE-2018-6158 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6159 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6159.html CVE-2018-6159 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6161 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6161.html CVE-2018-6161 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Improper deserialization in WebGL in Google Chrome on Mac prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. CVE-2018-6162 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6162.html CVE-2018-6162 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6163 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6163.html CVE-2018-6163 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. CVE-2018-6164 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6164.html CVE-2018-6164 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of reloads in Navigation in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. CVE-2018-6165 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6165.html CVE-2018-6165 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6166 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6166.html CVE-2018-6166 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6167 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6167.html CVE-2018-6167 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6168 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6168.html CVE-2018-6168 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Lack of timeout on extension install prompt in Extensions in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to trigger installation of an unwanted extension via a crafted HTML page. CVE-2018-6169 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6169.html CVE-2018-6169 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 A bad cast in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. CVE-2018-6170 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6170.html CVE-2018-6170 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6171 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6171.html CVE-2018-6171 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6172 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6172.html CVE-2018-6172 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6173 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6173.html CVE-2018-6173 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Integer overflows in Swiftshader in Google Chrome prior to 68.0.3440.75 potentially allowed a remote attacker to execute arbitrary code via a crafted HTML page. CVE-2018-6174 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6174.html CVE-2018-6174 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. CVE-2018-6175 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6175.html CVE-2018-6175 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6176 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6176.html CVE-2018-6176 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2018-6177 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6177.html CVE-2018-6177 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension. CVE-2018-6178 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6178.html CVE-2018-6178 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235 Insufficient enforcement of file access permission in the activeTab case in Extensions in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension. CVE-2018-6179 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromedriver-68.0.3440.75-61.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:chromium-68.0.3440.75-61.1 important Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-07/msg00051.html https://www.suse.com/security/cve/CVE-2018-6179.html CVE-2018-6179 https://bugzilla.suse.com/1086124 SUSE Bug 1086124 https://bugzilla.suse.com/1102530 SUSE Bug 1102530 https://bugzilla.suse.com/1107235 SUSE Bug 1107235